authortb <>2023-04-20 18:29:08 +0000
committertb <>2023-04-20 18:29:08 +0000
commit03956fa6974a7dbbacec36f72b4ea9578cbcb49c (patch)
treef9d45d3a286ca4bfd1871bce153e9ed7fb690ee9 /src/lib
parentdb88fe8536ffa36ddf94e4a90f068f96fbfe072f (diff)
Flip the default of explicitText to UTF8String
While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring BoringSSL reports that they have seen malformed certificates with exactly the issue caused by this unfortunate default. Reported by Alex Gaynor in OpenSSL issue 20772 ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/x509/x509_cpols.c4
1 files changed, 2 insertions, 2 deletions
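diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
index 3f106c691d..af8f16c9b0 100644
--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.7 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.8 2023/04/20 18:29:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -594,7 +594,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
  cnf = sk_CONF_VALUE_value(unot, i);
  if (!strcmp(cnf->name, "explicitText")) {
  if (not->exptext == NULL) {
- not->exptext = ASN1_VISIBLESTRING_new();
+ not->exptext = ASN1_UTF8STRING_new();
  if (not->exptext == NULL)
  goto merr;
  }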
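Review bot: Nothing visible around new line 597 checks that the configured `explicitText` value is well-formed UTF-8 before it ends up in the newly allocated UTF8String. The code that copies `cnf->value` into `not->exptext` lies outside the hunk, as do the start and end of `notice_section`, so this may already be handled there. If the bytes are stored unchecked, a config file saved in a legacy 8-bit encoding would still yield a malformed certificate, only now tagged UTF8String, so it is worth rejecting invalid sequences on this path or documenting that the value must be UTF-8. A short comment above the allocation would also record why the default changed, for example `/* RFC 5280 4.2.1.4: explicitText SHOULD be UTF8String, MUST NOT be VisibleString. */`.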